Web Authentication: An API for accessing Scoped Credentials

This specification defines an API enabling the creation and use of strong, attested,
cryptographic scoped credentials by web applications, for the purpose of strongly
authenticating users. Conceptually, one or more credentials, each scoped to a given
Relying Party, are created and stored on an authenticator by the user agent in conjunction
with the web application. The user agent mediates access to scoped credentials in
order to preserve user privacy. Authenticators are responsible for ensuring that no
operation is performed without user consent. Authenticators provide cryptographic
proof of their properties to relying parties via attestation. This specification also
describes the functional model for WebAuthn conformant authenticators, including their
signature and attestation functionality.